Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Optimization Research Laboratory

Published byDirk Kalb Modified over 6 years ago

Similar presentations

Presentation on theme: "Network Optimization Research Laboratory"— Presentation transcript:

1 Network Optimization Research Laboratory
The Proposal of Near Optimal Network Defense Resource Allocation Policies for Maximization of Network Survivability 達成網路存活度最大化之近似最佳化防禦資源配置策略 ─ 利用網路分隔度計算 Wendy Y.F. Wen Network Optimization Research Laboratory Dept. of IM, NTU

2 Outline Background Motivation Concept of DOS Problem Formulation
Model 1 Model 2 Solution Approach

3 Background We have become dependent on the computer networks that support our daily lives and the reliance on these networks have made us more vulnerable to their disruption. The concept of availability or reliability is not enough to describe the state of attacked or failed systems. How to assess and evaluate the system survivability effectively and efficiently is an urgent and crucial issue.

4 Motivation The computerized systems do not have only two states, functional and malfunctioned. The previous measurement of network survivability is either rather sparse or hard-understood. We try to propose a flexible, simple, and brand-new metric of network survivability.

5 Concept of DOS

6 Introduce of DOS Degree of Separation
Degree of Segmentation, Degree of Segregation, and Degree of Disconnectivity This metric is used to measure the damage of a given network. The larger DOS value, the larger damage of a network. If a DOS value is larger than established threshold, the network is compromised. (actually, the meaning of which is the same as Degree of Segmentation, Degree of Segregation, and Degree of disconnectivity).

7 Illustration of DOSOD pair (con’t)
After Attack: Cp = 1M+6ε DOSO-D = 1 O D After Attack: Cp = 1M+8ε DOSO-D = 1 O D DOSO-D = O D

8 Illustration of DOSnetwork (2)
Intact Network: DOSO1-D1 = 0 DOSO2-D2 = 0 DOSnetwork = 0 D1 O1 D2 O2 After Attack: DOSO1-D1 = 1 DOSO2-D2 = 1 DOSnetwork = (1+1)/2 = 1 D1 O1 D2

9 Problem Formulation Model 1

10 Problem Description The field of network survivability we discussed here focus on network connectivity. As an attacker, we try to figure out what minimal attack cost to compromise a target network is. We use the concept of the DOS to calculate network survivability. If DOSnetwork is larger than a given parameter, S, we are certain that the network survivability is under security standard.

11 Problem Assumptions The survivability metric is measured as the connectivity of each OD pair in a network. Any two nodes in the network will be able to form a pair of OD pair. The attacker and the defender have complete information about the targeted network topology. We consider bounded network. We consider node attacks only. If a node is broken, its adjacent outgoing links are subsequently not functional We consider malicious attacks only. The defender’s budget allocation strategy is a given parameter.

12 Given Parameter Notation Description V
The index set of all nodes in the network L The index set of all links in the network W The index set of all origin-destination pairs in the network OUT i The index set of outgoing links of node i, where iV Pw The index set of all candidate paths of an OD pair w, where wW M A large enough number that denotes the link is disconnected; i.e., arc weight if the link is broken. ε A small enough number that denotes the link is functional. δpl An indicator function, which is 1 if link l is on path p, and 0 otherwise, where lL, pPw bi The budget allocated to node i S The threshold of total network damage

13 The upper bound of S Linear Topology: Ring Topology:
N: the number of nodes in a network L: the number of links in a network

14 Decision Variable Notation Description yi
1 if node i is compromised, and 0 otherwise, where iV twl 1 if link l is used by an OD pair w, and 0 otherwise, where lL, pPw xp 1 if path p is chosen, and 0 otherwise, where pPw cl Cost of link l, which is ε if link l is functional, and M+ε if link l is broken, where lL

15 Objective function (IP 1)
(IP 1) is to minimize the total attack cost as an attacker. That is, an attacker minimizes the objective value by deciding which node should be compromised denoted by yi.

16 Constraints (IP 1.1) (IP 1.2) (IP 1.3) (IP 1.4) (IP 1.5) (IP 1.6)
(IP 1.1) describes the definition of the cost of link l, which is ε if link l functional, and M+ε if link l is broken. To simply the process of problem solving, we will slightly adjust this constraint form equation into inequality, i.e. from ‘=’ into ‘≦’. (IP 1.2) requires that the selected path for an OD pair w should be the minimum cost path. (IP 1.3) is the relationship between twl and xpδpl. We use the auxiliary set of decision variables twl to replace the sum of all xpδpl in order to simplify the problem-solving procedures. To simply the process of problem solving, we will slightly adjust this constraint form equation into inequality, i.e. from ‘=’ into ‘≦’. (IP 1.4) determines whether a target network is compromised or not. (IP 1.5) and (IP 1.6) , for an OD pair w, jointly require that only one path of all candidate paths of which is selected. (IP 1.7) determines whether node i is compromised or not. (IP 1.8) determines whether link l is used to form the minimum cost path of an OD pair w or not. (IP 1.9) requires that the value of each cl should be either ‘ε’ or ‘M+ε’. We add redundant constraint (IP 1.9) due to the need of Lagrangean relaxation problem.

17 Problem Formulation Model 2

18 Problem Description How does a network operator allocate defense budget to a network to maximize the defense effect. We will dispense defense budget to each vulnerable node so effectively and efficiently that a potential attacker increasingly boost his/her attack cost. A smart attacker also increasingly explores wayasto minimize his/her attack cost. A problem with max-min structure will be formed in Model 2.

19 Problem Assumptions The survivability metric is measured as the connectivity of each OD pair in a network. Any two nodes in the network will be able to form a pair of OD pair. The attacker and the defender have complete information about the targeted network topology. We consider bounded network. We consider node attacks only. We consider malicious attacks only. The objective of the attacker is to minimize the total attack cost in the inner problem of Model 2. The objective of the defender is to distribute the total amount of defense budget effectively so as to maximize the minimal attack cost of the attacker in the outer problem of Model 2.

20 Given Parameter Notation Description V
The index set of all nodes in the network L The index set of all links in the network W The index set of all origin-destination pairs in the network OUT i The index set of outgoing links of node i, where iV Pw The index set of all candidate paths of an OD pair w, where wW M A large enough number that denotes the link is disconnected; i.e., arc weight if the link is broken. ε A small enough number that denotes the link is functional. δpl An indicator function, which is 1 if link l is on path p, and 0 otherwise, where lL, pPw bi The budget allocated to node i S The threshold of total network damage B The total defense budget

21 Decision Variable Notation Description yi
1 if node i is compromised, and 0 otherwise, where iV twl 1 if link l is used by an OD pair w, and 0 otherwise, where lL, pPw xp 1 if path p is chosen, and 0 otherwise, where pPw cl Cost of link l, which is ε if link l is functional, and M+ε if link l is broken, where lL bi The budget allocated to node i

22 Objective function (IP 2)
(IP 1) To maximize the attacker’s minimal total attack cost.

23 Constraints (IP 2.1) (IP 2.2) (IP 2.3) (IP 2.4) (IP 2.5) (IP 2.6)
Constraints (IP 2.1) ~ (IP 2.9) are the same as (IP 1.1) ~ (IP 1.9) of Model 1 except the following two constraints: (IP 2.10) reflects our argument that the optimality condition for the defender holds if and only if the total budget, B, is fully used. (IP 2.11) requires that the set of decision variable, bi, is continuous and bounded by 0 and B.

24 Solution Approach Model 1

25 Lagrangean Relaxation Method

26 Constraints of Model 1 (IP 1.1) (IP 1.2) (IP 1.3) (IP 1.4) (IP 1.5)
(LR 1) Constraints (IP 1.5) ~ (IP 1.9) of the primal problem are still remained, denoted as (LR 1)~(LR 5) in the LR problem. (LR 2) (LR 3) (LR 4) (LR 5)

27 Optimization problem (LR)
we will relax Constraints (IP 1.1), (IP 1.2), (IP 1.3), and (IP 1.4) combining with respectively associated Lagrangean multipliers, , of primal problem (P) to obtain Lagrangean relaxation problem (LR) as follows (LR)

28 Sub-problem 1 related to decision variable xp subject to
分解成w個獨立的shortest cost path的子問題, 就是每對OD pair個別決定其Xp的值,而multipiler u3可以成為link l的成本,並利用Dijkstra’s shortest path 演算法來解決. (Sub 1.2) Time complexity: O(|W|×|V|2)

29 Sub-problem 2 related to decision variable yi subject to
利用quick sort來遞昇排序Yi的係數, 若Yi的係數是正的,則Yi設成0,若Yi的係數是負的,則Yi設成1, (Sub 2.1) Time complexity: O(|V|2)

30 Sub-problem 3 related to decision variable twl, cl subject to
由Sub 3.1與Sub 3.2所知, Twl與Cl都各有2種選擇, 故利用exhaustive search去決定他們的值,並進而分解成L個小問題去解 (Sub 3.1) (Sub 3.2) Time complexity: O(|W|×|L|)

31 Thank you for your listening.

Download ppt "Network Optimization Research Laboratory"

Similar presentations

1 Material to Cover  relationship between different types of models  incorrect to round real to integer variables  logical relationship: site selection.

1 Material to Cover  relationship between different types of models  incorrect to round real to integer variables  logical relationship: site selection.
Linear Programming. Introduction: Linear Programming deals with the optimization (max. or min.) of a function of variables, known as ‘objective function’,

Linear Programming. Introduction: Linear Programming deals with the optimization (max. or min.) of a function of variables, known as ‘objective function’,
~1~ Infocom’04 Mar. 10th. 2004 On Finding Disjoint Paths in Single and Dual Link Cost Networks Chunming Qiao* LANDER, CSE Department SUNY at Buffalo *Collaborators:

~1~ Infocom’04 Mar. 10th On Finding Disjoint Paths in Single and Dual Link Cost Networks Chunming Qiao* LANDER, CSE Department SUNY at Buffalo *Collaborators:
Introduction to Algorithms

Introduction to Algorithms
‧指導教授:林永松 博士 【 Master Thesis 】 Oral Examination A Near-Optimal Redundancy Allocation Policy to Minimize System Vulnerability against Hazardous Events and.

‧指導教授:林永松 博士 【 Master Thesis 】 Oral Examination A Near-Optimal Redundancy Allocation Policy to Minimize System Vulnerability against Hazardous Events and.
Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.

Markov Game Analysis for Attack and Defense of Power Networks Chris Y. T. Ma, David K. Y. Yau, Xin Lou, and Nageswara S. V. Rao.
Crew Scheduling Housos Efthymios, Professor Computer Systems Laboratory (CSL) Electrical & Computer Engineering University of Patras.

Crew Scheduling Housos Efthymios, Professor Computer Systems Laboratory (CSL) Electrical & Computer Engineering University of Patras.
1 Fast Primal-Dual Strategies for MRF Optimization (Fast PD) Robot Perception Lab Taha Hamedani Aug 2014.

1 Fast Primal-Dual Strategies for MRF Optimization (Fast PD) Robot Perception Lab Taha Hamedani Aug 2014.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.

Detecting Network Intrusions via Sampling : A Game Theoretic Approach Presented By: Matt Vidal Murali Kodialam T.V. Lakshman July 22, 2003 Bell Labs, Lucent.
Lecture 3. Notations and examples D. Moltchanov, TUT, Spring 2008 D. Moltchanov, TUT, Spring 2015.

Lecture 3. Notations and examples D. Moltchanov, TUT, Spring 2008 D. Moltchanov, TUT, Spring 2015.
The Shortest Path Problem

The Shortest Path Problem
Max-flow/min-cut theorem Theorem: For each network with one source and one sink, the maximum flow from the source to the destination is equal to the minimal.

Max-flow/min-cut theorem Theorem: For each network with one source and one sink, the maximum flow from the source to the destination is equal to the minimal.
Chapter 19 Linear Programming McGraw-Hill/Irwin

Chapter 19 Linear Programming McGraw-Hill/Irwin
Operations Research Assistant Professor Dr. Sana’a Wafa Al-Sayegh 2 nd Semester 2008-2009 ITGD4207 University of Palestine.

Operations Research Assistant Professor Dr. Sana’a Wafa Al-Sayegh 2 nd Semester ITGD4207 University of Palestine.
Quasi-static Channel Assignment Algorithms for Wireless Communications Networks Frank Yeong-Sung Lin Department of Information Management National Taiwan.

Quasi-static Channel Assignment Algorithms for Wireless Communications Networks Frank Yeong-Sung Lin Department of Information Management National Taiwan.
Introduction A GENERAL MODEL OF SYSTEM OPTIMIZATION.

Introduction A GENERAL MODEL OF SYSTEM OPTIMIZATION.
Linear Programming McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.

Linear Programming McGraw-Hill/Irwin Copyright © 2012 by The McGraw-Hill Companies, Inc. All rights reserved.
Maximization of Network Survivability against Intelligent and Malicious Attacks (Cont’d) Presented by Erion Lin.

Maximization of Network Survivability against Intelligent and Malicious Attacks (Cont’d) Presented by Erion Lin.
Highway Risk Mitigation through Systems Engineering.

Highway Risk Mitigation through Systems Engineering.

Similar presentations

Ads by Google